The data we collect includes names, addresses, age, gender and contact information. Parental consent forms are also submitted to ride organisers / secretaries.
The data is collected directly from Members and others entering AFRA events.
We may also record data about people making enquiries to AFRA who are not members for the purposes of providing information about membership and events.
We may hold photographs of individuals including generic photographs where individuals may be difficult to identify.
We use members’ data for the administration of your membership; the communication of information, including sending the AFRA Update newsletter and the organisation of events. Specifically a members’ email address is used to send out information relating to the Annual General Meeting. The postal address is used for this information when an email address is not available.
Parental consent forms are also submitted to event organisers / secretaries.
We provide a limited amount of data for use by organisers and volunteers for the proper and accurate administration of our pleasure rides or other events.
Member data is provided to the AFRA Committee and to those organising AFRA events.
Member data may be passed to our Card processing providers for financial transactions related to event entries, membership and other online purchases.
Membership Lists may be sent to an external mailing house for the purpose of printing and distributing letters or other communications to members. The mailing house deletes this information once the distribution has been made.
Using MyClubHouse, you can elect to share your contact details with other AFRA members. The default setting is that this information is NOT shared.
Member data is sourced directly from the member through online or paper application forms and can be viewed and amended online by the member or by request to the AFRA secretary.
Most of our data, including our main database, is stored in a secure database hosted by MyClubHouse in compliance with the GDPR.
Information for event organisers is usually provided via spreadsheets which are held locally and destroyed when they are no longer required.
Most member emails will be sent using the facilities of MyClubHouse which is GDPR compliant. Individual emails to and from members of the AFRA Committee may be sent using their own personal accounts.
The remainder of our data is kept in the form of written documents stored by our secretary.
Under the GDPR (General Data Protection Regulation) we do not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring AFRA discharges its obligations under the GDPR is the Secretary. The Secretary will maintain a log of data breaches and notify the ICO and any members affected as necessary, in accordance with our legal obligations.
Members of the AFRA Committee have access to members’ data in order for them to carry out their legitimate tasks for the organisations, such as responding to enquiries from those members.
Those organising AFRA events are sent the limited information necessary for them to accurately and safely administer their event.
Sub-contractors of AFRA may be given access to data for specific tasks, such as mailing AFRA letters or written communications on our behalf. They are not allowed to use it for any other purpose.
Other AFRA members may have access to your personal data only if you have chosen to share it with them.
AFRA collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation.
For some data, such as that relating to financial matters, the basis for its collection and retention is to comply with our legal obligations.
If you want to see the basic membership data we hold about you, you can log in to www.MyClubHouse.co.uk/AFRA. There you can also update most of your details or change the permissions you wish to grant for the use of your data.
You can contact us with a “Subject Access Request” if you want to ask us to provide you with any other information we hold about you. If you are interested in any aspects, specifying them will help us to provide you with what you need quickly and efficiently. We are required to provide this to you within 30 days.
There is not usually a fee for this, though we can charge a reasonable fee based on the administrative cost of providing the information if a request is manifestly unfounded or excessive, or for requests for further copies of the same information.
The GDPR refers to sensitive personal data as “special categories of personal data”.
Medical information may be held when provided by a rider, in confidence, and used in the event of an accident. Parental consent forms are also submitted to event organisers.
There are various ways in which you can limit how your data is used:
We normally keep members’ data after their membership lapses. This is because we find members sometimes later wish to re-join, sometimes with a break of a year or more. However, we will delete any former member’s contact details entirely and will comply with a right to be forgotten on request.
Other data, such as that relating to accounting matters, is kept for at least the legally required or recommended period – 7 years for financial transactions.